<!DOCTYPE html><html lang="zh-CN" data-theme="light"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Spring Security  下 | FATE</title><meta name="keywords" content="SpringBoot,SpringSecurity"><meta name="author" content="MoYu-zc"><meta name="copyright" content="MoYu-zc"><meta name="format-detection" content="telephone=no"><meta name="theme-color" content="#ffffff"><meta http-equiv="Cache-Control" content="no-transform"><meta http-equiv="Cache-Control" content="no-siteapp"><meta name="description" content="Spring Security  下Security 注解使用1.@Secured 判断是否具有角色，另外需要注意的是这里匹配的字符串需要添加前缀 ROLE  1.在 启动类 或者 配置类 上加入注解  开启该注解 @EnableGlobalMethodSecurity(securedEnabled &#x3D; true)  2.Controller层加入方法注解 @GetMapping(&quot;&#x2F;u">
<meta property="og:type" content="article">
<meta property="og:title" content="Spring Security  下">
<meta property="og:url" content="http://example.com/2021/05/06/Spring%20Security%20%20%E4%B8%8B/index.html">
<meta property="og:site_name" content="FATE">
<meta property="og:description" content="Spring Security  下Security 注解使用1.@Secured 判断是否具有角色，另外需要注意的是这里匹配的字符串需要添加前缀 ROLE  1.在 启动类 或者 配置类 上加入注解  开启该注解 @EnableGlobalMethodSecurity(securedEnabled &#x3D; true)  2.Controller层加入方法注解 @GetMapping(&quot;&#x2F;u">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://gitee.com/MoYu-zc/picgo/raw/master/img/20210223164156.jpg">
<meta property="article:published_time" content="2021-05-05T16:00:00.000Z">
<meta property="article:modified_time" content="2021-06-13T14:29:13.435Z">
<meta property="article:author" content="MoYu-zc">
<meta property="article:tag" content="SpringBoot">
<meta property="article:tag" content="SpringSecurity">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://gitee.com/MoYu-zc/picgo/raw/master/img/20210223164156.jpg"><link rel="shortcut icon" href="/img/favicon.png"><link rel="canonical" href="http://example.com/2021/05/06/Spring%20Security%20%20%E4%B8%8B/"><link rel="preconnect" href="//cdn.jsdelivr.net"/><link rel="preconnect" href="//busuanzi.ibruce.info"/><link rel="stylesheet" href="/css/index.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free/css/all.min.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fancyapps/fancybox@latest/dist/jquery.fancybox.min.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/node-snackbar/dist/snackbar.min.css"><script>var GLOBAL_CONFIG = { 
  root: '/',
  hexoversion: '5.2.0',
  algolia: undefined,
  localSearch: {"path":"search.xml","languages":{"hits_empty":"找不到您查询的内容：${query}"}},
  translate: {"defaultEncoding":2,"translateDelay":0,"msgToTraditionalChinese":"繁","msgToSimplifiedChinese":"簡"},
  noticeOutdate: undefined,
  highlight: {"plugin":"highlighjs","highlightCopy":true,"highlightLang":true},
  copy: {
    success: '复制成功',
    error: '复制错误',
    noSupport: '浏览器不支持'
  },
  relativeDate: {
    homepage: false,
    post: false
  },
  runtime: '天',
  date_suffix: {
    just: '刚刚',
    min: '分钟前',
    hour: '小时前',
    day: '天前',
    month: '个月前'
  },
  copyright: undefined,
  ClickShowText: undefined,
  lightbox: 'fancybox',
  Snackbar: {"chs_to_cht":"你已切换为繁体","cht_to_chs":"你已切换为简体","day_to_night":"你已切换为深色模式","night_to_day":"你已切换为浅色模式","bgLight":"#49b1f5","bgDark":"#121212","position":"top-right"},
  justifiedGallery: {
    js: 'https://cdn.jsdelivr.net/npm/justifiedGallery/dist/js/jquery.justifiedGallery.min.js',
    css: 'https://cdn.jsdelivr.net/npm/justifiedGallery/dist/css/justifiedGallery.min.css'
  },
  isPhotoFigcaption: false,
  islazyload: true,
  isanchor: false
};

var saveToLocal = {
  set: function setWithExpiry(key, value, ttl) {
    const now = new Date()
    const expiryDay = ttl * 86400000
    const item = {
      value: value,
      expiry: now.getTime() + expiryDay,
    }
    localStorage.setItem(key, JSON.stringify(item))
  },

  get: function getWithExpiry(key) {
    const itemStr = localStorage.getItem(key)

    if (!itemStr) {
      return undefined
    }
    const item = JSON.parse(itemStr)
    const now = new Date()

    if (now.getTime() > item.expiry) {
      localStorage.removeItem(key)
      return undefined
    }
    return item.value
  }
}</script><script id="config_change">var GLOBAL_CONFIG_SITE = { 
  isPost: true,
  isHome: false,
  isHighlightShrink: false,
  isSidebar: true,
  postUpdate: '2021-06-13 22:29:13'
}</script><noscript><style type="text/css">
  #nav {
    opacity: 1
  }
  .justified-gallery img {
    opacity: 1
  }

  #recent-posts time,
  #post-meta time {
    display: inline !important
  }
</style></noscript><script>(function () {
  window.activateDarkMode = function () {
    document.documentElement.setAttribute('data-theme', 'dark')
    if (document.querySelector('meta[name="theme-color"]') !== null) {
      document.querySelector('meta[name="theme-color"]').setAttribute('content', '#0d0d0d')
    }
  }
  window.activateLightMode = function () {
    document.documentElement.setAttribute('data-theme', 'light')
    if (document.querySelector('meta[name="theme-color"]') !== null) {
      document.querySelector('meta[name="theme-color"]').setAttribute('content', '#ffffff')
    }
  }

  const autoChangeMode = 'false'
  const t = saveToLocal.get('theme')
  if (autoChangeMode === '1') {
    const isDarkMode = window.matchMedia('(prefers-color-scheme: dark)').matches
    const isLightMode = window.matchMedia('(prefers-color-scheme: light)').matches
    const isNotSpecified = window.matchMedia('(prefers-color-scheme: no-preference)').matches
    const hasNoSupport = !isDarkMode && !isLightMode && !isNotSpecified

    if (t === undefined) {
      if (isLightMode) activateLightMode()
      else if (isDarkMode) activateDarkMode()
      else if (isNotSpecified || hasNoSupport) {
        const now = new Date()
        const hour = now.getHours()
        const isNight = hour <= 6 || hour >= 18
        isNight ? activateDarkMode() : activateLightMode()
      }
      window.matchMedia('(prefers-color-scheme: dark)').addListener(function (e) {
        if (saveToLocal.get('theme') === undefined) {
          e.matches ? activateDarkMode() : activateLightMode()
        }
      })
    } else if (t === 'light') activateLightMode()
    else activateDarkMode()
  } else if (autoChangeMode === '2') {
    const now = new Date()
    const hour = now.getHours()
    const isNight = hour <= 6 || hour >= 18
    if (t === undefined) isNight ? activateDarkMode() : activateLightMode()
    else if (t === 'light') activateLightMode()
    else activateDarkMode()
  } else {
    if (t === 'dark') activateDarkMode()
    else if (t === 'light') activateLightMode()
  }
})()</script><link rel="stylesheet" href="/css/iconfont.css"><link rel="stylesheet" href="/css/mycss.css"><meta name="generator" content="Hexo 5.2.0"><link rel="alternate" href="/atom.xml" title="FATE" type="application/atom+xml">
</head><body><div id="mobile-sidebar"><div id="menu_mask"></div><div id="mobile-sidebar-menus"><div class="mobile_author_icon"><img class="avatar-img" data-lazy-src="/img/tit.png" onerror="onerror=null;src='/img/friend_404.gif'" alt="avatar"/></div><div class="mobile_post_data"><div class="mobile_data_item is-center"><div class="mobile_data_link"><a href="/archives/"><div class="headline">文章</div><div class="length_num">39</div></a></div></div><div class="mobile_data_item is-center">      <div class="mobile_data_link"><a href="/tags/"><div class="headline">标签</div><div class="length_num">40</div></a></div></div><div class="mobile_data_item is-center">     <div class="mobile_data_link"><a href="/categories/"><div class="headline">分类</div><div class="length_num">22</div></a></div></div></div><hr/><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fa fa-home"></i><span> 首页</span></a></div><div class="menus_item"><a class="site-page" href="/archives/"><i class="fa-fw fa fa-archive"></i><span> 归档</span></a></div><div class="menus_item"><a class="site-page" href="/tags/"><i class="fa-fw fa fa-tags"></i><span> 标签</span></a></div><div class="menus_item"><a class="site-page" href="/categories/"><i class="fa-fw fa fa-folder-open"></i><span> 分类</span></a></div><div class="menus_item"><a class="site-page" href="/messageboard/"><i class="fa-fw fa fa-paper-plane"></i><span> 留言板</span></a></div><div class="menus_item"><a class="site-page" href="/link/"><i class="fa-fw fa fa-link"></i><span> 友链</span></a></div><div class="menus_item"><a class="site-page" href="/timeline/"><i class="fa-fw fa fa-bell"></i><span> 日志</span></a></div><div class="menus_item"><a class="site-page" href="/myself/"><i class="fa-fw fa fa-address-card"></i><span> myself</span></a></div><div class="menus_item"><a class="site-page" target="_blank" rel="noopener" href="https://www.moyuzc.cn/"><i class="fa-fw fa fa-home"></i><span> Vuepress</span></a></div></div></div></div><div id="body-wrap"><div id="web_bg"></div><div id="sidebar"><i class="fas fa-arrow-right on" id="toggle-sidebar"></i><div class="sidebar-toc"><div class="sidebar-toc__title">目录</div><div class="sidebar-toc__progress"><span class="progress-notice">你已经读了</span><span class="progress-num">0</span><span class="progress-percentage">%</span><div class="sidebar-toc__progress-bar">     </div></div><div class="sidebar-toc__content"><ol class="toc"><li class="toc-item toc-level-1"><a class="toc-link" href="#Spring-Security-%E4%B8%8B"><span class="toc-text">Spring Security  下</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#Security-%E6%B3%A8%E8%A7%A3%E4%BD%BF%E7%94%A8"><span class="toc-text">Security 注解使用</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#1-Secured"><span class="toc-text">1.@Secured</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#2-PreAuthorize"><span class="toc-text">2.@PreAuthorize</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#3-PostAuthorize"><span class="toc-text">3.@PostAuthorize</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#4-PostFilter"><span class="toc-text">4.@PostFilter</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#5-PreFilter"><span class="toc-text">5.@PreFilter</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E7%94%A8%E6%88%B7%E6%B3%A8%E9%94%80"><span class="toc-text">用户注销</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%9F%BA%E4%BA%8E%E6%95%B0%E6%8D%AE%E5%BA%93%E5%AE%9E%E7%8E%B0%E8%AE%B0%E4%BD%8F%E6%88%91"><span class="toc-text">基于数据库实现记住我</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#CSRF-%E4%BF%9D%E6%8A%A4"><span class="toc-text">CSRF 保护</span></a></li></ol></li></ol></div></div></div><header class="post-bg" id="page-header" style="background-image: url(https://gitee.com/MoYu-zc/picgo/raw/master/img/20210223164156.jpg)"><nav id="nav"><span id="blog_name"><a id="site-name" href="/">FATE</a></span><span id="menus"><div id="search_button"><a class="site-page social-icon search"><i class="fas fa-search fa-fw"></i><span> 搜索</span></a></div><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fa fa-home"></i><span> 首页</span></a></div><div class="menus_item"><a class="site-page" href="/archives/"><i class="fa-fw fa fa-archive"></i><span> 归档</span></a></div><div class="menus_item"><a class="site-page" href="/tags/"><i class="fa-fw fa fa-tags"></i><span> 标签</span></a></div><div class="menus_item"><a class="site-page" href="/categories/"><i class="fa-fw fa fa-folder-open"></i><span> 分类</span></a></div><div class="menus_item"><a class="site-page" href="/messageboard/"><i class="fa-fw fa fa-paper-plane"></i><span> 留言板</span></a></div><div class="menus_item"><a class="site-page" href="/link/"><i class="fa-fw fa fa-link"></i><span> 友链</span></a></div><div class="menus_item"><a class="site-page" href="/timeline/"><i class="fa-fw fa fa-bell"></i><span> 日志</span></a></div><div class="menus_item"><a class="site-page" href="/myself/"><i class="fa-fw fa fa-address-card"></i><span> myself</span></a></div><div class="menus_item"><a class="site-page" target="_blank" rel="noopener" href="https://www.moyuzc.cn/"><i class="fa-fw fa fa-home"></i><span> Vuepress</span></a></div></div><span class="close" id="toggle-menu"><a class="site-page"><i class="fas fa-bars fa-fw"></i></a></span></span></nav><div id="post-info"><div id="post-title"><div class="posttitle">Spring Security  下</div></div><div id="post-meta"><div class="meta-firstline"><span class="post-meta-date"><i class="far fa-calendar-alt fa-fw post-meta-icon"></i><span class="post-meta-label">发表于</span><time class="post-meta-date-created" datetime="2021-05-05T16:00:00.000Z" title="发表于 2021-05-06 00:00:00">2021-05-06</time><span class="post-meta-separator">|</span><i class="fas fa-history fa-fw post-meta-icon"></i><span class="post-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2021-06-13T14:29:13.435Z" title="更新于 2021-06-13 22:29:13">2021-06-13</time></span><span class="post-meta-categories"><span class="post-meta-separator">|</span><i class="fas fa-inbox fa-fw post-meta-icon"></i><a class="post-meta-categories" href="/categories/SpringSecurity/">SpringSecurity</a></span></div><div class="meta-secondline"> <span class="post-meta-separator">|</span><span class="post-meta-pv-cv"><i class="far fa-eye fa-fw post-meta-icon"></i><span class="post-meta-label">阅读量:</span><span id="busuanzi_value_page_pv"></span></span></div></div></div></header><main class="layout_post" id="content-inner"><article id="post"><div class="post-content" id="article-container"><h1 id="Spring-Security-下"><a href="#Spring-Security-下" class="headerlink" title="Spring Security  下"></a>Spring Security  下</h1><h2 id="Security-注解使用"><a href="#Security-注解使用" class="headerlink" title="Security 注解使用"></a>Security 注解使用</h2><h3 id="1-Secured"><a href="#1-Secured" class="headerlink" title="1.@Secured"></a>1.@Secured</h3><blockquote>
<p>判断是否具有角色，另外需要注意的是这里匹配的字符串需要添加前缀 <code>ROLE</code></p>
</blockquote>
<p>1.在 <code>启动类</code> 或者 <code>配置类</code> 上加入注解  开启该注解</p>
<figure class="highlight java"><table><tr><td class="code"><pre><span class="line"><span class="meta">@EnableGlobalMethodSecurity(securedEnabled = true)</span></span><br></pre></td></tr></table></figure>

<p>2.Controller层加入方法注解</p>
<figure class="highlight java"><table><tr><td class="code"><pre><span class="line"><span class="meta">@GetMapping(&quot;/update&quot;)</span></span><br><span class="line"><span class="meta">@Secured(&#123;&quot;ROLE_sale&quot;,&quot;ROLE_man&quot;&#125;)</span>   <span class="comment">//有该权限才可以</span></span><br><span class="line"><span class="function"><span class="keyword">public</span> String <span class="title">update</span><span class="params">()</span></span>&#123;</span><br><span class="line">    <span class="keyword">return</span> <span class="string">&quot;update&quot;</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>3.在UserDetailsService实现类中添加权限</p>
<figure class="highlight java"><table><tr><td class="code"><pre><span class="line">List&lt;GrantedAuthority&gt; auths =</span><br><span class="line">                AuthorityUtils.commaSeparatedStringToAuthorityList(<span class="string">&quot;admins,ROLE_user&quot;</span>);</span><br></pre></td></tr></table></figure>

<p>4.运行测试</p>
<p><strong>你登陆之后，如果登录用户没有对应权限，就算是可以登陆上去，也无法进入该路径</strong></p>
<h3 id="2-PreAuthorize"><a href="#2-PreAuthorize" class="headerlink" title="2.@PreAuthorize"></a>2.@PreAuthorize</h3><blockquote>
<p>该注解适合进入方法前的权限验证 ，可以将登录用户的 <code>roles/permissions</code> 参数传到方法中。.</p>
</blockquote>
<p>1.在 <code>启动类</code> 或者 <code>配置类</code> 上加入注解  开启该注解</p>
<figure class="highlight java"><table><tr><td class="code"><pre><span class="line"><span class="meta">@EnableGlobalMethodSecurity(prePostEnabled = true)</span></span><br></pre></td></tr></table></figure>

<p>2.Controller层加入方法注解</p>
<figure class="highlight java"><table><tr><td class="code"><pre><span class="line"><span class="meta">@GetMapping(&quot;/update&quot;)</span></span><br><span class="line"><span class="meta">@PreAuthorize(&quot;hasAnyAuthority(&#x27;admins&#x27;)&quot;)</span></span><br><span class="line">    <span class="comment">/* @PreAuthorize(&quot;hasAnyAuthority(&#x27;admins&#x27;)&quot;) </span></span><br><span class="line"><span class="comment">    *  @PreAuthorize(&quot;hasRole(&#x27;admins&#x27;)&quot;)</span></span><br><span class="line"><span class="comment">    */</span> <span class="meta">@PreAuthorize(&quot;hasAnyRole(&#x27;admins&#x27;)&quot;)</span></span><br><span class="line"><span class="function"><span class="keyword">public</span> String <span class="title">update</span><span class="params">()</span></span>&#123;</span><br><span class="line">    <span class="keyword">return</span> <span class="string">&quot;update&quot;</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>3.在UserDetailsService实现类中添加权限</p>
<figure class="highlight java"><table><tr><td class="code"><pre><span class="line">List&lt;GrantedAuthority&gt; auths =</span><br><span class="line">                AuthorityUtils.commaSeparatedStringToAuthorityList(<span class="string">&quot;admins,ROLE_user&quot;</span>);</span><br></pre></td></tr></table></figure>

<p>4.运行测试</p>
<p><strong>该方法，与在配置类中给网页加上进入权限相同，连四个方法都完全一样</strong></p>
<h3 id="3-PostAuthorize"><a href="#3-PostAuthorize" class="headerlink" title="3.@PostAuthorize"></a>3.@PostAuthorize</h3><blockquote>
<p>该注解使用不多，在方法执行后再进行权限验证，适合验证带有返回值的权限</p>
</blockquote>
<p>1.在 <code>启动类</code> 或者 <code>配置类</code> 上加入注解  开启该注解</p>
<figure class="highlight java"><table><tr><td class="code"><pre><span class="line"><span class="meta">@EnableGlobalMethodSecurity(prePostEnabled = true)</span></span><br></pre></td></tr></table></figure>

<p>2.Controller层加入方法注解</p>
<figure class="highlight java"><table><tr><td class="code"><pre><span class="line"><span class="meta">@GetMapping(&quot;/update&quot;)</span></span><br><span class="line"><span class="meta">@PostAuthorize(&quot;hasAnyAuthority(&#x27;admin&#x27;)&quot;)</span>  <span class="comment">//也是参数为 四种方法</span></span><br><span class="line"><span class="function"><span class="keyword">public</span> String <span class="title">update</span><span class="params">()</span></span>&#123;</span><br><span class="line">    System.out.println(<span class="string">&quot;update。。。&quot;</span>);</span><br><span class="line">    <span class="keyword">return</span> <span class="string">&quot;update&quot;</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>3.在UserDetailsService实现类中添加权限</p>
<figure class="highlight java"><table><tr><td class="code"><pre><span class="line">List&lt;GrantedAuthority&gt; auths =</span><br><span class="line">                AuthorityUtils.commaSeparatedStringToAuthorityList(<span class="string">&quot;admins,ROLE_user&quot;</span>);</span><br></pre></td></tr></table></figure>

<p>4.运行测试</p>
<p><strong>该注解下，虽然权限不足仍然无法进入页面或者返回信息，但是可以先运行方法体中的内容，再校验</strong></p>
<p><strong>所以对于上面的实例，进入路径后，虽然还是显示 没权限403，但是 <code>update</code> 会输出</strong></p>
<h3 id="4-PostFilter"><a href="#4-PostFilter" class="headerlink" title="4.@PostFilter"></a>4.@PostFilter</h3><blockquote>
<p>权限验证之后对<strong>返回的数据</strong>进行过滤</p>
</blockquote>
<p>1.在 <code>启动类</code> 或者 <code>配置类</code> 上加入注解  开启该注解</p>
<figure class="highlight java"><table><tr><td class="code"><pre><span class="line"><span class="meta">@EnableGlobalMethodSecurity(prePostEnabled = true)</span></span><br></pre></td></tr></table></figure>

<p>2.Controller层加入方法注解</p>
<figure class="highlight java"><table><tr><td class="code"><pre><span class="line"><span class="meta">@GetMapping(&quot;getAll&quot;)</span></span><br><span class="line"><span class="meta">@PostAuthorize(&quot;hasAnyAuthority(&#x27;admins&#x27;) &quot;)</span></span><br><span class="line"><span class="meta">@PostFilter(&quot;filterObject.username == &#x27;admin1&#x27;&quot;)</span></span><br><span class="line"><span class="function"><span class="keyword">public</span> List&lt;Users&gt; <span class="title">getAllUser</span><span class="params">()</span> </span>&#123;</span><br><span class="line">    ArrayList&lt;Users&gt; list = <span class="keyword">new</span> ArrayList&lt;&gt;();</span><br><span class="line">    list.add(<span class="keyword">new</span> Users(<span class="number">1</span>, <span class="string">&quot;admin1&quot;</span>, <span class="string">&quot;666&quot;</span>));</span><br><span class="line">    list.add(<span class="keyword">new</span> Users(<span class="number">2</span>, <span class="string">&quot; admin2&quot;</span>, <span class="string">&quot;888&quot;</span>));</span><br><span class="line">    <span class="keyword">return</span> list;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>3.在UserDetailsService实现类中添加权限</p>
<figure class="highlight java"><table><tr><td class="code"><pre><span class="line">List&lt;GrantedAuthority&gt; auths =</span><br><span class="line">                AuthorityUtils.commaSeparatedStringToAuthorityList(<span class="string">&quot;admins,ROLE_user&quot;</span>);</span><br></pre></td></tr></table></figure>

<p>4.运行测试</p>
<p><img src= "/img/loading.gif" data-lazy-src="https://gitee.com/MoYu-zc/picgo/raw/master/img/20210414160713.png" alt="1"></p>
<h3 id="5-PreFilter"><a href="#5-PreFilter" class="headerlink" title="5.@PreFilter"></a>5.@PreFilter</h3><blockquote>
<p>进入控制器之前对<strong>传递回来的数据</strong>进行过滤</p>
</blockquote>
<p>和 <code>@PostFilter</code> 类似， 不做演示</p>
<h2 id="用户注销"><a href="#用户注销" class="headerlink" title="用户注销"></a>用户注销</h2><p><strong>1.创建登录成功页面</strong></p>
<figure class="highlight html"><table><tr><td class="code"><pre><span class="line"><span class="meta">&lt;!DOCTYPE <span class="meta-keyword">html</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">html</span> <span class="attr">lang</span>=<span class="string">&quot;en&quot;</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">head</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">meta</span> <span class="attr">charset</span>=<span class="string">&quot;UTF-8&quot;</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">title</span>&gt;</span>Title<span class="tag">&lt;/<span class="name">title</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">head</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">body</span>&gt;</span></span><br><span class="line">    登录成功！</span><br><span class="line">    <span class="tag">&lt;<span class="name">a</span> <span class="attr">href</span>=<span class="string">&quot;/logout&quot;</span>&gt;</span>退出<span class="tag">&lt;/<span class="name">a</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">body</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">html</span>&gt;</span></span><br></pre></td></tr></table></figure>

<p><strong>2.配置类中配置注销功能</strong></p>
<figure class="highlight java"><table><tr><td class="code"><pre><span class="line"><span class="meta">@Override</span></span><br><span class="line"><span class="function"><span class="keyword">protected</span> <span class="keyword">void</span> <span class="title">configure</span><span class="params">(HttpSecurity http)</span> <span class="keyword">throws</span> Exception </span>&#123;</span><br><span class="line">    <span class="comment">//注销，第一个路径为 退出是设置的路径 ； 第二个路径为 成功退出后的路径</span></span><br><span class="line">    http.logout().logoutUrl(<span class="string">&quot;/logout&quot;</span>).logoutSuccessUrl(<span class="string">&quot;/login.html&quot;</span>).permitAll();</span><br><span class="line">    http.exceptionHandling().accessDeniedPage(<span class="string">&quot;/uuauth.html&quot;</span>);</span><br><span class="line">    http.formLogin()   </span><br><span class="line">        .loginPage(<span class="string">&quot;/login.html&quot;</span>) </span><br><span class="line">        .loginProcessingUrl(<span class="string">&quot;/user/login&quot;</span>) </span><br><span class="line">        .defaultSuccessUrl(<span class="string">&quot;/success.html&quot;</span>).permitAll()  <span class="comment">//这里更换为登录成功页面</span></span><br><span class="line">        .and().authorizeRequests()</span><br><span class="line">        .antMatchers(<span class="string">&quot;/&quot;</span>,<span class="string">&quot;/hello&quot;</span>,<span class="string">&quot;/user/login&quot;</span>) </span><br><span class="line">        .permitAll()</span><br><span class="line">        .antMatchers(<span class="string">&quot;/index&quot;</span>).hasRole(<span class="string">&quot;user&quot;</span>)</span><br><span class="line">        .anyRequest().authenticated()</span><br><span class="line">        .and().csrf().disable(); </span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p><strong>3.运行测试</strong></p>
<p>上述两个操作已经足够了</p>
<p>登录页面之后，会出现在 成功登录页面 ，这时候 你进入其他的页面也是可以的(如果权限允许)</p>
<p>点击退出，返回设置好的页面，这时候  其他页面都无法进入</p>
<h2 id="基于数据库实现记住我"><a href="#基于数据库实现记住我" class="headerlink" title="基于数据库实现记住我"></a>基于数据库实现记住我</h2><p><img src= "/img/loading.gif" data-lazy-src="https://gitee.com/MoYu-zc/picgo/raw/master/img/20210414200748.png" alt="2"></p>
<blockquote>
<p><strong>步骤：</strong></p>
</blockquote>
<ol>
<li><p>创建数据库</p>
</li>
<li><p>配置类 、配置数据源</p>
</li>
<li><p>配置类中 配置 自动登录</p>
</li>
<li><p>登陆页面添加 复选框</p>
</li>
</ol>
<hr>
<p>1.创建数据库  </p>
<p>该数据库语句是 Security 框架中 <strong>内置的创建语句</strong></p>
<figure class="highlight sql"><table><tr><td class="code"><pre><span class="line"><span class="keyword">CREATE</span> <span class="keyword">TABLE</span> <span class="string">`persistent_logins`</span>( </span><br><span class="line"><span class="string">`username`</span> <span class="built_in">varchar</span>(<span class="number">64</span>) <span class="keyword">NOT</span> <span class="literal">NULL</span>,</span><br><span class="line"><span class="string">`series`</span> <span class="built_in">varchar</span>(<span class="number">64</span>) <span class="keyword">NOT</span> <span class="literal">NULL</span>,</span><br><span class="line"><span class="string">`token`</span> <span class="built_in">varchar</span>(<span class="number">64</span>) <span class="keyword">NOT</span> <span class="literal">NULL</span>, </span><br><span class="line"><span class="string">`last_used`</span> <span class="built_in">timestamp</span> <span class="keyword">NOT</span> <span class="literal">NULL</span> <span class="keyword">DEFAULT</span> <span class="keyword">CURRENT_TIMESTAMP</span> <span class="keyword">ON</span> <span class="keyword">UPDATE</span> <span class="keyword">CURRENT_TIMESTAMP</span>,</span><br><span class="line"> PRIMARY <span class="keyword">KEY</span> (series)</span><br><span class="line">) <span class="keyword">ENGINE</span>=<span class="keyword">InnoDB</span> <span class="keyword">DEFAULT</span> <span class="keyword">CHARSET</span>=utf8</span><br></pre></td></tr></table></figure>

<p>2.配置数据源</p>
<figure class="highlight java"><table><tr><td class="code"><pre><span class="line"><span class="meta">@Autowired</span></span><br><span class="line"><span class="keyword">private</span> DataSource dataSource;</span><br><span class="line"><span class="meta">@Bean</span></span><br><span class="line"><span class="function"><span class="keyword">public</span> PersistentTokenRepository <span class="title">persistentTokenRepository</span><span class="params">()</span></span>&#123;</span><br><span class="line">    JdbcTokenRepositoryImpl jdbcTokenRepository = <span class="keyword">new</span> JdbcTokenRepositoryImpl();</span><br><span class="line">    jdbcTokenRepository.setDataSource(dataSource);</span><br><span class="line">    <span class="comment">// jdbcTokenRepository.setCreateTableOnStartup(true);  启动时 创建表</span></span><br><span class="line">    <span class="keyword">return</span> jdbcTokenRepository;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>3.配置自动登录</p>
<figure class="highlight java"><table><tr><td class="code"><pre><span class="line"><span class="meta">@Override</span></span><br><span class="line"><span class="function"><span class="keyword">protected</span> <span class="keyword">void</span> <span class="title">configure</span><span class="params">(HttpSecurity http)</span> <span class="keyword">throws</span> Exception </span>&#123;</span><br><span class="line">    http.logout().logoutUrl(<span class="string">&quot;/logout&quot;</span>).logoutSuccessUrl(<span class="string">&quot;/login.html&quot;</span>).permitAll();</span><br><span class="line">    http.exceptionHandling().accessDeniedPage(<span class="string">&quot;/uuauth.html&quot;</span>);</span><br><span class="line">    http.formLogin()   </span><br><span class="line">        .loginPage(<span class="string">&quot;/login.html&quot;</span>)  </span><br><span class="line">        .loginProcessingUrl(<span class="string">&quot;/user/login&quot;</span>) </span><br><span class="line">        .defaultSuccessUrl(<span class="string">&quot;/success.html&quot;</span>).permitAll()  </span><br><span class="line">        .and().authorizeRequests()</span><br><span class="line">        .antMatchers(<span class="string">&quot;/&quot;</span>,<span class="string">&quot;/hello&quot;</span>,<span class="string">&quot;/user/login&quot;</span>) </span><br><span class="line">        .permitAll()   </span><br><span class="line">        .antMatchers(<span class="string">&quot;/index&quot;</span>).hasRole(<span class="string">&quot;user&quot;</span>)</span><br><span class="line">        .anyRequest().authenticated()</span><br><span class="line">        </span><br><span class="line">        .and().rememberMe().tokenRepository(persistentTokenRepository())</span><br><span class="line">        .tokenValiditySeconds(<span class="number">60</span>)   <span class="comment">//设置有效时长</span></span><br><span class="line">        .userDetailsService(userDetailsService)</span><br><span class="line"></span><br><span class="line">        .and().csrf().disable(); </span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>4.登陆页面添加 记住我</p>
<figure class="highlight"><table><tr><td class="code"><pre><span class="line">&lt;!DOCTYPE html&gt;</span><br><span class="line">&lt;html lang=<span class="string">&quot;en&quot;</span>&gt;</span><br><span class="line">&lt;head&gt;</span><br><span class="line">    &lt;meta charset=<span class="string">&quot;UTF-8&quot;</span>&gt;</span><br><span class="line">    &lt;title&gt;Title&lt;/title&gt;</span><br><span class="line">&lt;/head&gt;</span><br><span class="line">&lt;body&gt;</span><br><span class="line">    &lt;form method=<span class="string">&quot;post&quot;</span> action=<span class="string">&quot;/user/login&quot;</span>&gt;</span><br><span class="line">        用户名：&lt;input type=<span class="string">&quot;text&quot;</span> name=<span class="string">&quot;username&quot;</span>&gt;</span><br><span class="line">        &lt;br&gt;</span><br><span class="line">        密码：&lt;input type=<span class="string">&quot;text&quot;</span> name=<span class="string">&quot;password&quot;</span>&gt;</span><br><span class="line">        &lt;br&gt;</span><br><span class="line">        &lt;input type=<span class="string">&quot;checkbox&quot;</span> name=<span class="string">&quot;remember-me&quot;</span>&gt; 自动登录   &lt;!-- name 必须为 <span class="string">&quot;remember-me&quot;</span>  --&gt;</span><br><span class="line">        &lt;br&gt;</span><br><span class="line">        &lt;input type=<span class="string">&quot;submit&quot;</span> value=<span class="string">&quot;login&quot;</span>&gt;</span><br><span class="line">    &lt;/form&gt;</span><br><span class="line">&lt;/body&gt;</span><br><span class="line">&lt;/html&gt;</span><br></pre></td></tr></table></figure>

<p>5.运行测试</p>
<p>等着之后，数据会存在 cookie  中 ; 也因为数据库为框架内部设置好的，所以也会存在数据库表中</p>
<img src= "/img/loading.gif" data-lazy-src="https://gitee.com/MoYu-zc/picgo/raw/master/img/20210414234022.png" alt="3"  />

<p><img src= "/img/loading.gif" data-lazy-src="https://gitee.com/MoYu-zc/picgo/raw/master/img/20210414234026.png" alt="4"></p>
<h2 id="CSRF-保护"><a href="#CSRF-保护" class="headerlink" title="CSRF 保护"></a>CSRF 保护</h2><blockquote>
<p>CSRF（Cross-site request forgery）跨站请求伪造，也被称为“One Click Attack“或者Session Riding，通常缩写为CSRF或XSRF，是一种对网站的恶意攻击。是一种依赖web浏览器的、被混淆过的代理人攻击。</p>
<p><strong>常见特性:</strong></p>
<ul>
<li>依靠用户标识危害网站</li>
<li>利用网站对用户表识的信任</li>
<li>欺骗用户的浏览器发送HTTP请求给目标站点</li>
<li>可以通过IMG标签会触发一个GET请求，可以利用它来实现CSRF攻击。</li>
</ul>
</blockquote>
<blockquote>
<p>该种方式只能对 <code>POST</code> 、<code>PUT</code> 、 <code>DELETE</code> 、<code>PATCH</code>  发送方式进行保护</p>
</blockquote>
<p>1.引入依赖</p>
<figure class="highlight xml"><table><tr><td class="code"><pre><span class="line"><span class="comment">&lt;!-- thymeleaf 引擎 --&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">dependency</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">groupId</span>&gt;</span>org.thymeleaf.extras<span class="tag">&lt;/<span class="name">groupId</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">artifactId</span>&gt;</span>thymeleaf-extras-springsecurity4<span class="tag">&lt;/<span class="name">artifactId</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">version</span>&gt;</span>3.0.2.RELEASE<span class="tag">&lt;/<span class="name">version</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">dependency</span>&gt;</span></span><br></pre></td></tr></table></figure>

<p>2.创建CSRF测试前端页面</p>
<p>先直接在static文件夹下创建一个login页面</p>
<figure class="highlight html"><table><tr><td class="code"><pre><span class="line"><span class="meta">&lt;!DOCTYPE <span class="meta-keyword">html</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">html</span> <span class="attr">lang</span>=<span class="string">&quot;en&quot;</span>  <span class="attr">xmlns:th</span>=<span class="string">&quot;http://www.thymeleaf.org&quot;</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">head</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">meta</span> <span class="attr">charset</span>=<span class="string">&quot;UTF-8&quot;</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">title</span>&gt;</span>Title<span class="tag">&lt;/<span class="name">title</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">head</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">body</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">form</span> <span class="attr">method</span>=<span class="string">&quot;post&quot;</span> <span class="attr">action</span>=<span class="string">&quot;/user/login&quot;</span>&gt;</span></span><br><span class="line">        用户名：<span class="tag">&lt;<span class="name">input</span> <span class="attr">type</span>=<span class="string">&quot;text&quot;</span> <span class="attr">name</span>=<span class="string">&quot;username&quot;</span>&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">br</span>&gt;</span></span><br><span class="line">        密码：<span class="tag">&lt;<span class="name">input</span> <span class="attr">type</span>=<span class="string">&quot;text&quot;</span> <span class="attr">name</span>=<span class="string">&quot;password&quot;</span>&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">br</span>&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">input</span> <span class="attr">type</span>=<span class="string">&quot;checkbox&quot;</span> <span class="attr">name</span>=<span class="string">&quot;remember-me&quot;</span>&gt;</span> 自动登录</span><br><span class="line">        <span class="tag">&lt;<span class="name">br</span>&gt;</span></span><br><span class="line">         <span class="tag">&lt;<span class="name">input</span> <span class="attr">type</span>=<span class="string">&quot;submit&quot;</span> <span class="attr">value</span>=<span class="string">&quot;login&quot;</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;/<span class="name">form</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">body</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">html</span>&gt;</span></span><br></pre></td></tr></table></figure>

<p>首先在resources文件夹下创建 templates 文件夹， Spring Boot 默认Controller层跳转路径为该文件夹下页面</p>
<p>csrf.html</p>
<figure class="highlight html"><table><tr><td class="code"><pre><span class="line"><span class="meta">&lt;!DOCTYPE <span class="meta-keyword">html</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">html</span> <span class="attr">lang</span>=<span class="string">&quot;en&quot;</span>  <span class="attr">xmlns:th</span>=<span class="string">&quot;http://www.thymeleaf.org&quot;</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">head</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">meta</span> <span class="attr">charset</span>=<span class="string">&quot;UTF-8&quot;</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">title</span>&gt;</span>Title<span class="tag">&lt;/<span class="name">title</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">head</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">body</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">form</span> <span class="attr">method</span>=<span class="string">&quot;post&quot;</span> <span class="attr">action</span>=<span class="string">&quot;token&quot;</span>&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">input</span> <span class="attr">type</span>=<span class="string">&quot;hidden&quot;</span>  <span class="attr">th:name</span>= <span class="string">&quot;$&#123;_csrf.parameterName&#125;&quot;</span> <span class="attr">th:value</span>=<span class="string">&quot;$&#123;_csrf.token&#125;&quot;</span> /&gt;</span></span><br><span class="line">        用户名：<span class="tag">&lt;<span class="name">input</span> <span class="attr">type</span>=<span class="string">&quot;text&quot;</span> <span class="attr">name</span>=<span class="string">&quot;username&quot;</span>&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">br</span>&gt;</span></span><br><span class="line">        密码：<span class="tag">&lt;<span class="name">input</span> <span class="attr">type</span>=<span class="string">&quot;text&quot;</span> <span class="attr">name</span>=<span class="string">&quot;password&quot;</span>&gt;</span></span><br><span class="line"></span><br><span class="line">         <span class="tag">&lt;<span class="name">input</span> <span class="attr">type</span>=<span class="string">&quot;submit&quot;</span> <span class="attr">value</span>=<span class="string">&quot;login&quot;</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;/<span class="name">form</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">body</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">html</span>&gt;</span></span><br></pre></td></tr></table></figure>

<p>csrf_success.html</p>
<figure class="highlight html"><table><tr><td class="code"><pre><span class="line"><span class="meta">&lt;!DOCTYPE <span class="meta-keyword">html</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">html</span> <span class="attr">lang</span>=<span class="string">&quot;en&quot;</span> <span class="attr">xmlns:th</span>=<span class="string">&quot;http://www.thymeleaf.org&quot;</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">head</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">meta</span> <span class="attr">charset</span>=<span class="string">&quot;UTF-8&quot;</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">title</span>&gt;</span>Title<span class="tag">&lt;/<span class="name">title</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">head</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">body</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">span</span> <span class="attr">th:text</span>=<span class="string">&quot;$&#123;_csrf.token&#125;&quot;</span>&gt;</span><span class="tag">&lt;/<span class="name">span</span>&gt;</span> <span class="tag">&lt;<span class="name">br</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">body</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">html</span>&gt;</span></span><br></pre></td></tr></table></figure>

<p>3.创建Controller层代码</p>
<figure class="highlight java"><table><tr><td class="code"><pre><span class="line"><span class="meta">@Controller</span></span><br><span class="line"><span class="keyword">public</span> <span class="class"><span class="keyword">class</span> <span class="title">CSRFController</span> </span>&#123;</span><br><span class="line"></span><br><span class="line">    <span class="meta">@GetMapping(&quot;/csrf&quot;)</span></span><br><span class="line">    <span class="function"><span class="keyword">public</span> String <span class="title">csrf</span><span class="params">(Model model)</span> </span>&#123;</span><br><span class="line">        <span class="keyword">return</span> <span class="string">&quot;csrf&quot;</span>;</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="meta">@PostMapping(&quot;/csrf_success&quot;)</span></span><br><span class="line">    <span class="function"><span class="keyword">public</span> String <span class="title">success</span><span class="params">()</span> </span>&#123;</span><br><span class="line">        <span class="keyword">return</span> <span class="string">&quot;csrf_success&quot;</span>;</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>4.修改配置类代码</p>
<figure class="highlight java"><table><tr><td class="code"><pre><span class="line">http.formLogin()</span><br><span class="line">    .loginProcessingUrl(<span class="string">&quot;/user/login&quot;</span>) </span><br><span class="line">    .defaultSuccessUrl(<span class="string">&quot;/&quot;</span>).permitAll() </span><br><span class="line">    .and().authorizeRequests()</span><br><span class="line">    .antMatchers(<span class="string">&quot;/&quot;</span>,<span class="string">&quot;/csrf&quot;</span>,<span class="string">&quot;/user/login&quot;</span>) </span><br><span class="line">    .permitAll();</span><br><span class="line"><span class="comment">//	.and().csrf().disable(); //关闭csrf</span></span><br></pre></td></tr></table></figure>

<p>5.运行测试</p>
<p>这时候已经将CSRF开启了，这时候进入测试路径：</p>
<p><a target="_blank" rel="noopener" href="http://localhost:8081/csrf">http://localhost:8081/csrf</a></p>
<p>输入账号密码，会成功进入 /csrf_success   ； 并且页面中显示 <code>_csrf.token</code></p>
<p><img src= "/img/loading.gif" data-lazy-src="https://gitee.com/MoYu-zc/picgo/raw/master/img/20210415103149.png" alt="5"></p>
</div><div class="post-copyright"><div class="post-copyright__author"><span class="post-copyright-meta">文章作者: </span><span class="post-copyright-info"><a href="mailto:undefined">MoYu-zc</a></span></div><div class="post-copyright__type"><span class="post-copyright-meta">文章链接: </span><span class="post-copyright-info"><a href="http://example.com/2021/05/06/Spring%20Security%20%20%E4%B8%8B/">http://example.com/2021/05/06/Spring Security  下/</a></span></div><div class="post-copyright__notice"><span class="post-copyright-meta">版权声明: </span><span class="post-copyright-info">本博客所有文章除特别声明外，均采用 <a href="https://creativecommons.org/licenses/by-nc-sa/4.0/" target="_blank">CC BY-NC-SA 4.0</a> 许可协议。转载请注明来自 <a href="http://example.com" target="_blank">FATE</a>！</span></div></div><div class="tag_share"><div class="post-meta__tag-list"><a class="post-meta__tags" href="/tags/SpringBoot/">SpringBoot</a><a class="post-meta__tags" href="/tags/SpringSecurity/">SpringSecurity</a></div><div class="post_share"><div class="social-share" data-image="https://gitee.com/MoYu-zc/picgo/raw/master/img/20210223164156.jpg" data-sites="facebook,twitter,wechat,weibo,qq"></div><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/social-share.js/dist/css/share.min.css"><script src="https://cdn.jsdelivr.net/npm/social-share.js/dist/js/social-share.min.js" defer></script></div></div><div class="post-reward"><div class="reward-button"><i class="fas fa-qrcode"></i> 打赏<div class="reward-main"><ul class="reward-all"><li class="reward-item"><a href="/img/wx.png" target="_blank"><img class="post-qr-code-img" data-lazy-src="/img/wx.png" alt="wechat"/></a><div class="post-qr-code-desc">wechat</div></li><li class="reward-item"><a href="/img/zfb.jpg" target="_blank"><img class="post-qr-code-img" data-lazy-src="/img/zfb.jpg" alt="alipay"/></a><div class="post-qr-code-desc">alipay</div></li></ul></div></div></div><nav class="pagination-post" id="pagination"><div class="prev-post pull-left"><a href="/2021/05/07/source%20is%20null%20for%20getProperty(null,%20name)/"><img class="prev-cover" data-lazy-src="https://gitee.com/MoYu-zc/picgo/raw/master/img/20210219145449.jpg" onerror="onerror=null;src='/img/404.jpg'"><div class="pagination-info"><div class="label">上一篇</div><div class="prev_info">source is null for getProperty(null, &quot;name&quot;)</div></div></a></div><div class="next-post pull-right"><a href="/2021/05/04/Spring%20Security%20%20%E4%B8%8A/"><img class="next-cover" data-lazy-src="https://gitee.com/MoYu-zc/picgo/raw/master/img/20210504135113.png" onerror="onerror=null;src='/img/404.jpg'"><div class="pagination-info"><div class="label">下一篇</div><div class="next_info">Spring Security  上</div></div></a></div></nav><div class="relatedPosts"><div class="headline"><i class="fas fa-thumbs-up fa-fw"></i><span> 相关推荐</span></div><div class="relatedPosts-list"><div><a href="/2021/05/04/Spring Security  上/" title="Spring Security  上"><img class="cover" data-lazy-src="https://gitee.com/MoYu-zc/picgo/raw/master/img/20210504135113.png"><div class="content is-center"><div class="date"><i class="far fa-calendar-alt fa-fw"></i> 2021-05-04</div><div class="title">Spring Security  上</div></div></a></div><div><a href="/2021/04/12/Mybatis-plus 上/" title="Mybatis-plus 上"><img class="cover" data-lazy-src="https://gitee.com/MoYu-zc/picgo/raw/master/img/20210319092322.jpg"><div class="content is-center"><div class="date"><i class="far fa-calendar-alt fa-fw"></i> 2021-04-12</div><div class="title">Mybatis-plus 上</div></div></a></div><div><a href="/2021/04/15/Mybatis-plus 下/" title="Mybatis-plus 下"><img class="cover" data-lazy-src="https://gitee.com/MoYu-zc/picgo/raw/master/img/20210219145449.jpg"><div class="content is-center"><div class="date"><i class="far fa-calendar-alt fa-fw"></i> 2021-04-15</div><div class="title">Mybatis-plus 下</div></div></a></div><div><a href="/2021/05/26/Could not autowire. No beans of 'xxx' type found/" title="Could not autowire. No beans of 'xxx' type found"><img class="cover" data-lazy-src="https://gitee.com/MoYu-zc/picgo/raw/master/img/20210223164156.jpg"><div class="content is-center"><div class="date"><i class="far fa-calendar-alt fa-fw"></i> 2021-05-26</div><div class="title">Could not autowire. No beans of 'xxx' type found</div></div></a></div><div><a href="/2021/03/22/07.Spring Boot合集/" title="Spring Boot合集"><img class="cover" data-lazy-src="https://gitee.com/MoYu-zc/picgo/raw/master/img/20210217161659.jpg"><div class="content is-center"><div class="date"><i class="far fa-calendar-alt fa-fw"></i> 2021-03-22</div><div class="title">Spring Boot合集</div></div></a></div></div></div><hr/><div id="post-comment"><div class="comment-head"><div class="comment-headline"><i class="fas fa-comments fa-fw"></i><span> 评论</span></div></div><div class="comment-wrap"><div><div class="vcomment" id="vcomment"></div></div></div></div></article></main><footer id="footer"><div id="footer-wrap"><div class="copyright">&copy;2020 - 2022 By MoYu-zc</div><div class="footer_custom_text">Welcome,This is MoYu</div><div class="icp"><a target="_blank" rel="noopener" href="http://www.beian.gov.cn"><img class="icp-icon" src="/img/icp.png"/><span>豫ICP备20001029号</span></a></div></div></footer></div><section id="rightside"><div id="rightside-config-hide"><button id="readmode" type="button" title="阅读模式"><i class="fas fa-book-open"></i></button><button id="translateLink" type="button" title="简繁转换">繁</button><button id="darkmode" type="button" title="浅色和深色模式转换"><i class="fas fa-adjust"></i></button></div><div id="rightside-config-show"><button id="rightside_config" type="button" title="设置"><i class="fas fa-cog"></i></button><a id="to_comment" href="#post-comment" title="直达评论"><i class="fas fa-comments"></i></a><button class="close" id="mobile-toc-button" type="button" title="目录"><i class="fas fa-list-ul"></i></button><button id="chat_btn" type="button" title="rightside.chat_btn"><i class="fas fa-sms"></i></button><button id="go-up" type="button" title="回到顶部"><i class="fas fa-arrow-up"></i></button></div></section><div class="search-dialog" id="local-search"><div class="search-dialog__title" id="local-search-title">本地搜索</div><div id="local-input-panel"><div id="local-search-input"><div class="local-search-box"><input class="local-search-box--input" placeholder="搜索文章" type="text"/></div></div></div><hr/><div id="local-search-results"><div id="local-hits"></div><div id="local-stats"><div class="local-search-stats__hr" id="hr"><span>由</span> <a target="_blank" rel="noopener" href="https://github.com/wzpan/hexo-generator-search" style="color:#49B1F5;">hexo-generator-search</a>
 <span>提供支持</span></div></div></div><span class="search-close-button"><i class="fas fa-times"></i></span></div><div id="search-mask"></div><div><script src="https://cdn.jsdelivr.net/npm/jquery@latest/dist/jquery.min.js"></script><script src="/js/utils.js"></script><script src="/js/main.js"></script><script src="/js/tw_cn.js"></script><script src="https://cdn.jsdelivr.net/npm/@fancyapps/fancybox@latest/dist/jquery.fancybox.min.js"></script><script src="https://cdn.jsdelivr.net/npm/vanilla-lazyload/dist/lazyload.iife.min.js"></script><script src="https://cdn.jsdelivr.net/npm/node-snackbar/dist/snackbar.min.js"></script><script src="/js/search/local-search.js"></script><div class="js-pjax"><script>if (document.getElementsByClassName('mermaid').length) {
  if (window.mermaidJsLoad) mermaid.init()
  else {
    $.getScript('https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.min.js', function () {
      window.mermaidJsLoad = true
      mermaid.initialize({
        theme: 'default',
      })
      false && mermaid.init()
    })
  }
}</script><script>function loadValine () {
  function initValine () {
    const initData = {
      el: '#vcomment',
      appId: 'uANjuzIND1m5J2AmUxp5cG6K-gzGzoHsz',
      appKey: '4ViTsc6RFpqLm1PtCIlXh5m7',
      placeholder: '请留下你的疑问、评论，我会很快回复滴~~',
      avatar: 'monsterid',
      meta: 'nick,mail,link'.split(','),
      pageSize: '10',
      lang: 'zh-CN',
      recordIP: true,
      serverURLs: '',
      emojiCDN: '',
      emojiMaps: "",
      enableQQ: true,
      path: window.location.pathname,
    }

    if (true) { 
      initData.requiredFields= ('nick,mail'.split(','))
    }

    const valine = new Valine(initData)
  }

  if (typeof Valine === 'function') initValine() 
  else $.getScript('https://cdn.jsdelivr.net/npm/valine/dist/Valine.min.js', initValine)
}

if ('Valine' === 'Valine' || !true) {
  if (true) btf.loadComment(document.querySelector('#vcomment'),loadValine)
  else setTimeout(() => loadValine(), 0)
} else {
  function loadOtherComment () {
    loadValine()
  }
}</script><script async src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script></div><script type="text/javascript" src="/js/fairyDustCursor.js"></script><script defer="defer" id="fluttering_ribbon" mobile="true" src="https://cdn.jsdelivr.net/npm/butterfly-extsrc@1/dist/canvas-fluttering-ribbon.min.js"></script><script src="https://cdn.jsdelivr.net/npm/butterfly-extsrc@1/dist/activate-power-mode.min.js"></script><script>POWERMODE.colorful = true;
POWERMODE.shake = false;
POWERMODE.mobile = true;
document.body.addEventListener('input', POWERMODE);
</script><script>window.$crisp = [];
window.CRISP_WEBSITE_ID = "86484e26-1f47-4402-a211-1efa3b0a704e";
(function () {
  d = document;
  s = d.createElement("script");
  s.src = "https://client.crisp.chat/l.js";
  s.async = 1;
  d.getElementsByTagName("head")[0].appendChild(s);
})();
$crisp.push(["safe", true])

if (true) {
  $crisp.push(["do", "chat:hide"])
  $crisp.push(["on", "chat:closed", function() {
    $crisp.push(["do", "chat:hide"])
  }])
  var chatBtnFn = () => {
    var chatBtn = document.getElementById("chat_btn")
    chatBtn.addEventListener("click", function(){
      $crisp.push(["do", "chat:show"])
      $crisp.push(["do", "chat:open"])

    });
  }
  chatBtnFn()
} else {
  if (true) {
    function chatBtnHide () {
      $crisp.push(["do", "chat:hide"])
    }
    function chatBtnShow () {
      $crisp.push(["do", "chat:show"])
    }
  }
}</script></div></body></html>